Solved

Admin Rights in GPO to Run a .BAT File

Posted on 2013-01-16
Last Modified: 2013-01-16
Hello,

I am trying to run a simple .BAT file that will get rid of previous versions of Java and I want to use Group Policy to distribute it.  I have it set up as a startup script in the Group Policy Manager and it works great ... as long as the user logs in with the local or domain Admin account :S

I thought using the startup script in GPM automatically used system admin rights.  Did I miss a step there?

I've tried to find a few simple solutions across the web, but they all seem to involve putting the admin account info in the BAT file ... something I do NOT want to do.

BTW, I am far from a programmer (my BAT file simply has one command in it).  So bear with me.  Also running a Windows 2008 R2 environment and the client machines are Win7.

Any help would be appreciated.
Question by:qec-dpenney

Expert Comment

by:oBdA
ID: 38782813
You're not using a startup script then, but a logon script.
Look under "Computer Configuration\Policies\Windows Settings\Scripts (Startup/Shutdown)".
The startup script will run with System rights, and it will run without a user logging on.
Use this batch file as a template; it will create a startup.log file in %Systemroot%\Temp:
>>"%Systemroot%\Temp\startup.log" echo Startup script started at %Date% %Time%
>>"%Systemroot%\Temp\startup.log"  echo Running as:
whoami.exe >>"%Systemroot%\Temp\startup.log"
REM Your Java command:


Then assign the GPO to a test computer and reboot the machine. You can check whether the script ran without logging on; in an elevated command prompt, enter type \\TestMachine\Admin$\Temp\startup.log.

Author Comment

by:qec-dpenney
ID: 38782887
Here is the odd thing ... it is set up under the Startup script ... and I assume the BAT is running at startup since the login process really takes no time at all to load.  However, if I log in as the user, Java is not removed; if I log in as either the local or domain admin, Java is removed.

I will try your test BAT though and get back to you, just to make sure I didn't mess anything up.

Expert Comment

by:Donald Stewart
ID: 38782951
Are you using the script here to remove Java?

http://community.spiceworks.com/scripts/show/1449-uninstall-java-6

Author Comment

by:qec-dpenney
ID: 38782975
Yes, but just the command line.  This is my '.BAT file':

wmic product where "name like 'Java(TM) 6%%'" call uninstall /nointeractive

wmic product where "name like 'Java(TM) 7%%'" call uninstall /nointeractive

wmic product where "name like 'Java 7%%'" call uninstall /nointeractive

exit

Accepted Solution

by:
oBdA earned 500 total points
ID: 38783003
Try this then; it adds some more logging:
@echo off
REM Log the start time and the account the script runs under (System for a startup script).
>>"%Systemroot%\Temp\startup.log" echo Startup script started at %Date% %Time%
>>"%Systemroot%\Temp\startup.log"  echo Running as:
whoami.exe >>"%Systemroot%\Temp\startup.log"
REM Run each uninstall and append its output, including errors, to the same log.
>>"%Systemroot%\Temp\startup.log" echo %Time% Uninstalling 'Java(TM) 6%%%%' ...
wmic product where "name like 'Java(TM) 6%%'" call uninstall /nointeractive >>"%Systemroot%\Temp\startup.log" 2>&1
>>"%Systemroot%\Temp\startup.log" echo %Time% Uninstalling 'Java(TM) 7%%%%' ...
wmic product where "name like 'Java(TM) 7%%'" call uninstall /nointeractive >>"%Systemroot%\Temp\startup.log" 2>&1
>>"%Systemroot%\Temp\startup.log" echo %Time% Uninstalling 'Java 7%%%%' ...
wmic product where "name like 'Java 7%%'" call uninstall /nointeractive >>"%Systemroot%\Temp\startup.log" 2>&1
>>"%Systemroot%\Temp\startup.log" echo Startup script ended at %Date% %Time%


Author Comment

by:qec-dpenney
ID: 38783328
It looks like it is now working.  Thanks for your help with this.  I updated my BAT file with your improved logging BAT file (didn't change any of the GPO settings though) and it looks like it is working.

I think my issue was I was expecting the GPO update to occur too quickly.  With my testing, I had to reboot 3 or 4 times in order for the update to occur, but I kept logging in as a local user (no admin rights) and eventually all Java instances disappeared.

Your logging BAT file helped me determine if it was running and if it was successful (had a couple of 1603 instances instead of 0 ... that may have been an issue as well)

Thanks for your help.
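
Added example, not part of the original thread or any poster's code: a PowerShell summary of the startup.log that the accepted batch file writes, reporting the account the script ran under and the ReturnValue of each uninstall (the 0 and 1603 values mentioned above). The function name Test-StartupLog and the sample log lines are constructed, and the parsing assumes wmic reports each result as a "ReturnValue = N;" line.

```powershell
# Added example, not from the thread. Test-StartupLog is a hypothetical helper name.
function Test-StartupLog {
    param([string[]]$Lines)
    $identity = $null; $current = $null; $results = @()
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        # wmic's redirected output may be UTF-16 while echo writes ANSI; drop stray NULs.
        $line = ($Lines[$i] -replace "`0", '').Trim()
        if ($line -eq 'Running as:' -and ($i + 1) -lt $Lines.Count) {
            # whoami.exe output is the line right after the marker
            $identity = ($Lines[$i + 1] -replace "`0", '').Trim()
        }
        elseif ($line -match "Uninstalling '(.+)' \.\.\.") {
            $current = $Matches[1]               # pattern the next wmic call targets
        }
        elseif ($current -and $line -match 'ReturnValue = (\d+);') {
            # one entry per matched product; a pattern can match several installs
            $results += New-Object PSObject -Property @{
                Pattern     = $current
                ReturnValue = [int]$Matches[1]   # 0 = success, e.g. 1603 = failed
            }
        }
    }
    New-Object PSObject -Property @{
        Identity    = $identity
        RanAsSystem = ($identity -eq 'nt authority\system')
        Uninstalls  = $results
    }
}

# Constructed sample log (not real output from any machine).
$sample = @(
    'Startup script started at Wed 01/16/2013 10:02:11.45'
    'Running as:'
    'nt authority\system'
    "10:02:11.51 Uninstalling 'Java(TM) 6%%' ..."
    'Method execution successful.'
    'Out Parameters:'
    'instance of __PARAMETERS'
    '{'
    '        ReturnValue = 1603;'
    '};'
    ''
    "10:03:40.02 Uninstalling 'Java 7%%' ..."
    '        ReturnValue = 0;'
)
$report = Test-StartupLog -Lines $sample
$report | Select-Object Identity, RanAsSystem
$report.Uninstalls | Where-Object { $_.ReturnValue -ne 0 }   # lists the 1603 entry
# Real log: Test-StartupLog -Lines (Get-Content '\\TestMachine\Admin$\Temp\startup.log')
```

Because the batch file appends on every boot, the log accumulates runs; the report lists every ReturnValue found and the identity from the most recent run.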